Challenges

Organizations must be able to control which users are granted access to which applications and data

Modern, distributed workforces and with applications able to be located virtually anywhere – the cloud, as-a-service (aaS), on-premises, in data centers – presents a new set of challenges related to easing application access for legitimate users

Cumbersome application security requirements increase the risk of driving users to use less secure, but easier to maintain, habits such as using weak passwords or reusing passwords

Key Benefits

User access can be managed and administered centrally

Users may authenticate once and be granted seamless access to on-premises software-as-a-service (SaaS), and cloud-based applications to which they are approved access

Capabilities such as single sign-on (SSO) and multi-factor authentication (MFA) may be extended to applications that do not support those modern authentication methods or that support Kerberos or header-based authentication

Enhanced security for on-premises applications is provided by securing all HTTP traffic to and from an application

Employees, partners, and customers can each have centralized, secure access to only the appropriate apps and resources for which they are authorized access

Organizations everywhere, from small and mid-sized businesses to Fortune 100 companies, have migrated or are actively migrating from on-premises application launched from data centers, to an increasing reliance for on-demand, managed software-as-a-service (SaaS) and self-managed cloud-based applications. As a result, it is more important than ever for organizations to exert control over who is granted access to which applications and data.

The distributed nature of modern workforces and applications, not to mention the global reach of organizations (including all partners, clients, and customers) presents a new set of application access challenges for those organizatons and their legitimate users alike. It’s not at all unusual for users today to track multiple URLs, user names, and passwords to access the array of applications they rely on to accomplish their work. This is a hassle for users and actually increases security risks by driving them to less secure, but easier to maintain, habits such as using weak passwords or reusing passwords across multiple sign-ins, even between personal and business applications.

Single Sign-On (SSO) empowers users while simplifying management and control

Identity-as-a-Service (IDaaS) and its primary capability, single sign-on (SSO), addresses many of these challenges by providing users with a single, centralized point to log-in and access all of the applications to which they are authorized access, while empowering organizations to manage and secure their user credentials. However, to be enterprise-ready, these solutions must be able handle an organization’s varying, ever-changing demands.

To ensure users have access to powerful and easy-to-implement enterprise-ready IDaaS solutions, F5 partners Okta, one of the market leaders in this space. Okta delivers enterprise-grade identity management services built specifically to help modern organizations thrive in cloud environments. Organizations worldwide use Okta to manage access across their applications, users, and devices to ensure access security, increase user productivity, and maintain industry and regulatory compliance.

Okta Single Sign-On is part of a complete identity and access management (IAM) solution for organizations adopting and building for cloud and mobile that need to contain costs, fulfill user productivity targets, and avoid security risks. Unlike legacy federation and access management systems, Okta Single Sign-On is a lightweight, easy-to-deploy solution that securely connects your employees, contractors, and customers across any of their devices to all their cloud and on-premises applications.

F5 Networks and Okta partnership

IDaaS has become the preferred enterprise identity management and SSO option in large part because it helps reduce costs and accelerate cloud-first initiatives. Moving to IDaaS is often the easiest, most cost-effective option for organizations to deploy SSO access across their enterprise applications and users.

Okta and F5 can help you easily implement secure application access and identity management, even in complex hybrid environments where employees, vendors, contractors, and customers each require their own level of application access. F5 BIG-IP Access Policy Manager (APM), together with the Okta Identity Cloud, enables organizations to deploy a single launch pad for secure, authorized access to all apps, no matter where they reside.

Customers such as Pitney Bowes have deployed BIG-IP APM to provide secure access to applications such as Oracle E-Business, SharePoint, or custom applications. BIG-IP APM provides a range of services to protect and manage access to applications. Pitney Bowes leveraged the Okta and F5 integration to create a more streamlined solution for access to both cloud and on-premises applications. Pitney Bowes replaced their legacy access management gateway with BIG-IP APM, with Okta as the authentication point, and F5 addressing reverse proxy requirements. With SSO enabled alongside the new integration, Pitney Bowes users are able to reliably navigate between all of the relevant apps without disruption. Reliability is at 99.92%, which is a significant improvement over their legacy solution.

Summary

In complex environments with a variety of users (employees, contractors, partners, suppliers, customers, etc.) and the applications to which they require secure, authorized access to get their jobs done, organizations often prefer to enable SSO for their users. F5 and Okta have partnered to create a solution that enables SSO with multi-factor authentication, while allowing access to all the various applications that require different forms of authentication. The joint solution is easy to manage, yet powerful enough to discern between different types of users and even different environments.

F5 and Okta features

When F5 BIG-IP APM is deployed and configured with Okta, organizations can manage access through a single pane of glass in the Okta admin console

Users can authenticate once into Okta and seamlessly access on-premises, SaaS, and cloud-based applications

F5 extends Okta’s authentication capability to applications that do not natively support modern authentication mechanisms or that support Kerberos or header-based authentication

Organizations can differentiate access for their various user types, so employees, partners, and customers can each enjoy secure, centralized access only to the appropriate apps and resources to which they are authorized access—and an organization can enable or disable app access depending on where a user is located at that time (secure location vs. coffee shop, for example)

For more information about the F5 and Okta partnership and solution integration, visit F5 BIG-IP APM.